CVE-2017-9434 - log back

CVE-2017-9434 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A security issue has been found in crypto++ before 6.0.0 where the Zinflate class, used by classes like Gunzip and Inflator, could perform an out-of-bounds read when decompressing data. The out-of-bounds read occurs on a static table of 30 elements, allocated in initialized memory. An attacker can craft a ZIP file that allows a read of the last two non-existent elements.
References
+ http://seclists.org/oss-sec/2017/q2/419
+ https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
+ https://github.com/weidai11/cryptopp/issues/414
Notes